~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Readme for Trend Micro (TM) Deep Security(TM) Agent 8.0 Service Pack 2
Patch 2, Deep Security Relay 8.0 Service Pack 2 Patch 2, and Deep
Security Notifier 8.0 Service Pack 2 Patch 2 for Microsoft(TM)
Windows(TM)

Platforms:
    Windows 8.1 and Windows 2012 R2
    Windows Server 2012
    Windows 8 (32-bit and 64-bit)
    Windows 7 (32-bit and 64-bit)
    Windows Server 2008 R2 (64-bit)
    Windows Server 2008 (32-bit and 64-bit)
    Windows Server 2008 Hyper-V(*)
    Windows Vista (32-bit and 64-bit)
    Windows Server 2003 Service Pack 2 (32-bit and 64-bit) with
      "Windows Server 2003 Scalable Networking Pack" Patch
    Windows Server 2003 Service Pack 2 (32-bit and 64-bit)
    Windows Server 2003 R2 Service Pack 2 (32-bit and 64-bit)
    Windows XP (32-bit and 64-bit)
    Windows XP Embedded(**)

(*)  There is no agentless solution for Windows Hyper-V. The Agent
     installed on the Hyper-V hypervisor will only protect the
     hypervisor itself. In order to protect guest images running on
     Hyper-V an Agent must be installed on each Hyper-V guest.

(**) Due to the customization possible with Windows XP Embedded, we
     request that customers validate correct operation in their own
     environment to ensure that the services and ports required to
     run the Deep Security Agent have been enabled.

Not currently supported:
    Windows Server 2008 Core, Microsoft Virtual Server 2005 R2 SP2

Date:          January 24, 2014
Release:       8.0 Service Pack 2 Patch 2
Build Version: 8.0.0.2202
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the click through
license agreement and copied to the install directory.

For more information about the Trend Micro suite of Deep Security
products, visit our web site at:

http://us.trendmicro.com/us/solutions/enterprise/security-solutions/virtualization/deep-security/

Download the latest version of this readme from the "Software" page
at the Trend Micro Download Center web site:

http://downloadcenter.trendmicro.com/

Trend Micro is always seeking to improve its documentation. If you
have questions, comments, or suggestions about this or any other
Trend Micro documents, please contact us at docs@trendmicro.com.
Your feedback is always welcome.

Contents
===================================================================
   1.  About Deep Security Agent 8.0 Service Pack 2 Patch 2 for Windows
       1.1 Overview of this Release
       1.2 Who Should Install this Release
       1.3 Support Expiration Notice
   2.  What's New
       2.1 Enhancements
       2.2 Resolved Known Issues
   3.  Documentation Set
   4.  System Requirements
   5.  Installation/Uninstallation
   6.  Known Incompatibilities
   7.  Known Issues
   8.  Release History
   9.  Files Included in this Release
   10. Contact Information
   11. About Trend Micro
   12. License Agreement
   13. Third Party Software
===================================================================

1. About Deep Security Agent 8.0 Service Pack 2 Patch 2 for Windows
========================================================================

1.1 Overview of this Release
=====================================================================

Deep Security Agent 8.0 for Windows Service Pack 2 Patch 2 resolves
several issues in Deep Security Agent 7.0, 7.5, or 8.0.

1.2 Who Should Install this Release
=====================================================================

You should install Deep Security Agent 8.0 for Windows Service Pack 2
Patch 2 for Windows if you are currently running Deep Security 7.0,
7.5, or 8.0.

1.3 Support Expiration Notice
=====================================================================

Deep Security Agent 8.0 Service Pack 2 Patch 2 for Windows supports
updates from versions 7.0, 7.5, and 8.0 only and does not support
updates from version 6.1 or any older version.

Trend Micro strongly recommends upgrading to the most recent version
to take full advantage of the new features and improved performance.
Please visit the Trend Micro Download Center web site to download the
latest releases at:

http://downloadcenter.trendmicro.com/

Deep Security 7.0 was the last release that included an Agent for the
Windows 2000 platform. For 8.0, customers wishing to protect Windows
2000 Servers will still be able to manage the 7.0 Agent; however, the
Agent will not support new functionality provided by the new Manager.

2. What's New
========================================================================

For major changes in Deep Security 8.0 Service Pack 2 from previously
released versions of Deep Security, please read the "What's New in
8.0 SP2" section of the Deep Security "Administrator's Guide" or the
Deep Security Manager on-line help, available for download from the
Trend Micro Download Center.

2.1 Enhancements
=====================================================================

There are no enhancements for this Patch.

2.2 Resolved Known Issues
=====================================================================

Deep Security Agent 8.0 Service Pack 2 Patch 2 for Windows resolves
the following issues:

Issue 1:    Sometimes, an exception error causes the Deep Security
            Relay service to stop unexpectedly while the service
            checks new security components.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This Patch corrects the handle on the iAU module to
            prevent the exception error and ensure that the Deep
            Security Relay service can check new security components
            without issues.

Issue 2:    Some Deep Packet Inspection (DPI) events are not displayed
            on the "DPI Events" page of "dsa_config.exe".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This Patch increases the internal buffer that
            "dsa_config.exe" uses to read the "dsa_mpnp" log to 8 KB.
            Since the maximum size of the log file is only 4 KB, this
            solution can help ensure that all Deep Packet Inspection
            events can now be displayed.

Issue 3:    In computers running any 32-bit Microsoft(TM) Windows(TM)
            platform and protected by Deep Security Agent, the
            "ds_agent" process stops responding while running on a
            Citrix-based virtual environment if it cannot communicate
            with the Web Reputation Service (WRS) rating server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This Patch improves the error-handling mechanism to
            properly handle errors that occur when "ds_agent" cannot
            communicate with the WRS rating server and allows the
            Deep Security Agent to report to the Deep Security
            Manager that it is "offline".

Issue 4:    A buffer overrun could cause the Windows "ds_agent"
            service to stop unexpectedly while starting, during
            upgrades, or when an endpoint restarts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: This Patch ensures that Deep Security Agent passes the
            correct parameters to the crypto-library, which can help
            prevent the Windows "ds_agent" service from stopping
            unexpectedly.

Issue 5:    A synchronization issue in the AMSP component can trigger
            Deep Security Agent to use a high percentage of CPU
            resources on the Windows platform.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: This Patch resolves the synchronization issue on the
            read/write lock mechanism to ensure that the CPU usage of
            Deep Security Agent remains under normal levels.

Issue 6:    Sometimes, Deep Security Agent may attempt to access
            invalid memory while users attempt to manually start or
            stop the Deep Security Agent.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: This Patch removes references to non-existent objects and
            allows Deep Security Agent to validate encrypted data
            buffers before attempting to access any data.

3. Documentation Set
========================================================================

In addition to this readme, the documentation set for this product
includes the following:

o  Deep Security 8.0 SP2 Getting Started and Installation Guide (IG)
   -- Provides product overview, deployment plan, installation steps
   and basic information intended to help you smoothly deploy Deep
   Security.

o  Deep Security 8.0 SP2 Administrator’s Guide (AG) -- Provides
   post-installation instructions on how to configure the settings to
   help you get Deep Security "up and running". Also includes
   instructions on performing other administrative tasks for the
   day-to-day maintenance of Deep Security.

o  Readme files -- version enhancements, known issues, and release
   history. There is one readme for each installable Deep Security
   component: Manager, Agent (including Relay and Notifier), Virtual
   Appliance and ESX Filter Driver.

o  Electronic versions of the manuals are available from the Trend
   Micro Download Center at:
   http://downloadcenter.trendmicro.com/

o  Online help -- Context-sensitive help screens that provide
   guidance for performing a task.

o  TrendEdge is a program for Trend Micro employees, partners, and
   other interested parties that provides information on unsupported,
   innovative techniques, tools, and best practices for Trend Micro
   products. The TrendEdge database contains numerous documents
   covering a wide range of topics.
   http://trendedge.trendmicro.com

o  Knowledge Base -- a searchable database of known product issues,
   including specific problem-solving and troubleshooting topics.
   http://esupport.trendmicro.com

4. System Requirements
========================================================================

For a complete list of the System requirements, please refer to the
"Deep Security 8.0 SP2 Getting Started and Installation Guide".

5. Installation/Uninstallation
========================================================================

See the "Deep Security 8.0 SP2 Getting Started and Installation
Guide" document available for download from the Trend Micro Download
Center.

6. Known Incompatibilities
========================================================================

1. Resonate Load Balancer (5.0.1)

   Deep Security Agents Affected: All

   Issue: Environments in which the Resonate load balancing software
   is installed may experience a loss of Resonate functionality when
   the Deep Security Agent is installed.

   Resolution: Restart the Resonate Central Dispatch Controller
   services.

2. Trend Micro Client Server Messaging Security for SMB

   Deep Security Agents Affected: All

   Issue: Connectivity issues have been noted when running with Trend
   Micro Client Server Messaging Security for SMB older than Version
   3.5 Build 1113.

   Resolution: Upgrade your Trend Micro Client Server Messaging
   Security to Version 3.5 Build 1138 or higher.

3. Realtek RTL8169/8110 Family Gigabit Ethernet NIC

   Deep Security Agents Affected: All

   Issue: Issues have been noted when using Version 5.663.1212.2006
   of the Realtek Gigabit Ethernet NIC.

   Resolution: To resolve the issue, upgrade the driver to the latest
   version.

4. Intel(R) PRO/100+ Dual Port Server Adapter

   Deep Security Agents Affected: All

   Issue: Issues have been noted when using Intel NIC cards with
   driver versions less than 8.0.17.0.

   Resolution: To resolve the issue, upgrade the driver to version
   v8.0.19 or higher.

5. Microsoft Network Load Balancer (MS-NLB)

   Deep Security Agents Affected: All

   Issue: Issues have been noted when using Microsoft Network Load
   Balancer (MS-NLB).

   Resolution: MS-NLB is incompatible with Deep Security Agent and
   currently there is no solution available for this incompatibility.

7. Known Issues
========================================================================

- You may see the following system event when you install Deep
  Security Agent 8.0 Service Pack 2 Patch 2 on Windows Vista, Windows
  2008, or Windows 7:

    The Trend Micro Deep Security Agent service is marked as an
    interactive service. However, the system is configured not allow
    interactive services. This service may not function properly.

  This is a normal warning on Windows Vista or higher. On these
  platforms, Windows does not allow services to interact with the
  user's desktop, so the operating system displays the warning when
  the Agent tries to use interactive services. This desktop
  interaction feature is used by the Agent to provide the reboot
  notice on pre-Vista versions of Windows. The warning message can be
  safely ignored. [Deep Security 8.0 Tier 2-00253]

- In order to upgrade to Deep Security 8.0 Service Pack 2 on Windows
  Vista, you must first install the Microsoft Visual C++
  Redistributable Package from:

  http://www.microsoft.com/download/en/details.aspx?id=26347

  You need to restart the computer after installing the package from
  Microsoft. The upgrade may fail if you do not restart the computer.
  To recover from this, you can install the package and re-run the
  installer. [Deep Security 8.0-01044]

- In some cases the Deep Security Relay nginx process may use up all
  CPU resources and the error log may grow to a large size. If this
  occurs, you can stop the Deep Security Relay from the services
  control panel, remove the error.log, and restart the service.
  [Deep Security 8.0 Tier 2-00220]

- If you wish to use Point To Point Tunneling Protocol (PPTP) with
  Deep Security, you must modify some of the advanced settings.

  To modify the settings for PPTP:

  a. Log on to Deep Security Manager and go to "System Settings >
     Network Engine".
  b. Check the "Advanced Settings" check box and set the following:

       Filter IPV4 Tunnels: Disable detection of IPV4 Tunnels
       Maximum Tunnel Depth: 4
       Action if Maximum Tunnel Depth Exceeded: Bypass

  c. Click "Save".

  [Deep Security 8.0 Tier 2-00200]

- Because the Deep Security Relay server does not support a component
  rollback, if a rollback is performed on a Deep Security Relay, the
  components listed in the Deep Security Manager may not match the
  actual versions available on the Deep Security Relay Server. The
  next update of components will re-synch the component versions
  displayed in Deep Security Manager.
  [Deep Security 8.0 Tier 2-00180]

- When you activate a Deep Security Agent that has been installed
  with Anti-Malware protection enabled, the Agent immediately
  downloads the latest Anti-Malware components (virus patterns,
  detection engines, etc.) from the Deep Security Relay. If you
  install a Deep Security Agent without enabling Anti-Malware
  protection and then subsequently enable Anti-Malware protection
  from the Deep Security Manager, the component update will not run
  until the next heartbeat. You can force a component update by
  selecting the computer in the Manager’s Computers screen,
  right-clicking it, and selecting "Actions > Update Components".
  Anti-Malware protection will not be in effect on the computer until
  this update occurs. [Deep Security 8.0 Tier 2-00136]

- Deep Security Notifier may not start after a remote upgrade of the
  Deep Security Agent. If this occurs, you can manually restart the
  Notifier from the start menu or restart the service.
  [Deep Security 8.0-01196]

- On the "Custom Setup" page of the Deep Security Agent or Relay
  installer, the text for the Anti-Malware component indicates that
  "URL filtering" is part of the component functionality. That is not
  correct. The Web Reputation feature is provided on the Agent by the
  DPI component.

- DPI is not supported over SSL connections when using IPv6.

- On Windows XP, you may encounter the "Fatal Error During
  Installation" message if you attempt to uninstall the Agent or
  Relay through the "Add/Remove programs" screen while self
  protection is enabled. This is a Windows error indicating that the
  uninstall did not proceed (because self protection is enabled). It
  is not a fatal error. [Deep Security 8.0-00410]

- When running a manual Anti-Malware scan while Smart Scan is
  enabled, if the Agent cannot contact the Smart Scan server, the
  scan type in the resulting error event will indicate "Real-Time"
  scan instead of "Manual" scan. [Deep Security 8.0 Tier 2-00024]

- When upgrading the Deep Security Agent, if the network connectivity
  is lost for an extended period of time, it may be necessary to
  restart the Deep Security Agent's host machine.

- NDIS drivers may stop unexpectedly during installation or
  uninstallation if data packets are not freed correctly. The Deep
  Security Agent with accompanying NDIS 5.1 or NDIS 6.0 driver now
  frees all data packets correctly before any upgrade or before
  uninstallation. However, when installing or uninstalling NDIS
  drivers, Microsoft requires that all NDIS drivers be unbound and
  then rebound. This means that if other third-party NDIS drivers do
  not properly free packets, it is still possible for the Deep
  Security Agent installation, upgrade, or uninstallation to stop
  unexpectedly. This is beyond Trend Micro's control and will only
  happen in very limited situations. If this does occur, you can
  restart the computer and start the installation, uninstallation, or
  upgrade again.

- Under certain circumstances the Firewall and DPI Events on the Deep
  Security Agent or the Deep Security Manager display numbers for a
  DPI rule, traffic stream, Firewall rule, and DPI rule instead of
  the object's name. This occurs when the event viewer does not have
  access to the objects referred to by the event log entry. This
  situation can arise for a number of reasons. For example:

  - The rule has been unassigned from the host.
  - Deep Security Agent has been locally deactivated, which rolls it
    back to a pre-activation state and triggers it to clear all
    previous security settings.
  - A new set of rules has been assigned to the Deep Security Agent
    but users have not clicked on the "Refresh" button on the
    "Configuration" tab.

- With VMware vSphere4, if a new Ethernet adapter is dynamically
  added to a running Windows image and the Deep Security Agent is
  installed on that image, it may not be protected by the Agent
  installed on the virtual machine. To ensure that the newly-added
  adapter is protected, perform the following steps after adding a
  new Ethernet device in the vSphere client:

  a. Open the virtual machine console.
  b. Go to "Control Panel > Network Connections".
  c. Select the network adapter that you just added.
  d. Click "Properties".
  e. Verify that the "Trend Micro DSA Filter Driver" item is checked.
  f. Click "OK".

  [10559]

- Log Inspection events have a size limitation of 6000 characters.

- When the network engine is working in TAP mode and the in-guest
  agent is offline, the Deep Security Virtual Appliance status
  becomes "Stand By" but the Deep Security Virtual Appliance is
  actually online and will still be able to generate DPI and firewall
  events when rules are triggered. [10948]

8. Release History
========================================================================

- 8.0.0.1630 March 12, 2012
- 8.0.0.1733 April 30, 2012
- 8.0.0.1770 August 17, 2012
- 8.0.0.2119 January 8, 2013 (Service Pack 2)
- 8.0.0.2151 June 14, 2013 (Service Pack 2 Patch 1)

Hot Fix 2184

Issue:      An invalid memory access error occurs on computers running
            Windows when an SSL handshaking session on the Deep
            Security Agent uses unsupported SSL ciphers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution:   This hot fix resolves this issue by preventing any SSL
            handshaking session on Deep Security Agents on Windows
            systems from using unsupported SSL ciphers.

Hot Fix 2175

Issue 1:    In a Linux-bonded interface environment protected by the
            Deep Security Agent, the "service-network-stop" interface
            may become unresponsive.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hot fix improves the reference count-handling for
            the MAC addresses of the physical interfaces to help
            ensure that the interface responds well in this
            environment.

Issue 2:    An "Illegal Character in URI" may be falsely detected
            beyond the end of packet data.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hot fix resolves this issue.

Hot Fix 2171

Issue:      Sometimes, an exception error causes the Deep Security
            Relay service to stop unexpectedly while the service
            checks new security components.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution:   This hot fix corrects the handle on the iAU module to
            prevent the exception error and ensure that the Deep
            Security Relay service can check new security components
            without issues.

Hot Fix 2168

Issue 1:    Computers running on any 32-bit Windows platform,
            protected by the Deep Security Agent, and that run on a
            Citrix-based virtual environment may stop responding if
            they cannot connect to the WRS ratings server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hot fix improves the error-handling mechanism to
            help ensure that Deep Security Agents that cannot reach
            the WRS rating server are reported as offline to the Deep
            Security Manager.

Issue 2:    Some DPI Events are not displayed when a user enables the
            "DPI Events" pane of "dsa_config.exe".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hot fix increases the internal buffer that
            "dsa_config.exe" uses to read the "dsa_mpnp" log to 8 KB.
            Since the "dsa_mpnp" log contains a maximum of 4 KB of
            text for packet data, this change ensures that all DPI
            events can be read and displayed correctly.

9. Files Included in this Release
========================================================================

This release is a complete installation. Use one of the following
files:

- Agent-Windows-8.0.0-xxxx.x86_64.msi (64-bit)
- Agent-Windows-8.0.0-xxxx.i386.msi (32-bit)
- Relay-Windows-8.0.0-xxxx.x86_64.msi (64-bit)
- Relay-Windows-8.0.0-xxxx.i386.msi (32-bit)
- Notifier-Windows-8.0.0-xxxx.i386.msi (32-bit - can be installed on
  64-bit)

10. Contact Information
========================================================================

A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us
at:

http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
web site.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, go to:

http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen will display. Click the appropriate
link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

11. About Trend Micro
========================================================================

Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services.

Copyright 2014, Trend Micro Incorporated. All rights reserved. Trend
Micro, the t-ball logo, Deep Security, and "deep security solutions"
are trademarks of Trend Micro Incorporated and are registered in some
jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.

12. License Agreement
========================================================================

Information about your license agreement with Trend Micro can be
viewed at:

http://us.trendmicro.com/us/about/company/user_license_agreements/

13. Third Party Software
========================================================================

This product includes software developed by the OpenSSL Project for
use in the OpenSSL Toolkit (http://www.openssl.org/).

Deep Security Agent also makes use of the following software.

3rd party binary distributions:

    Expat (http://expat.sourceforge.net/)
    fksec (http://win32.mvps.org/)
    IP Filter (http://coombs.anu.edu.au/~avalon/)
    SQLite (http://www.sqlite.org/)
    WxWidgets (http://www.wxwidgets.org/)
    zlib (http://www.zlib.net/)

3rd party source:

    GMTime (http://www.jbox.dk/sanos/source/lib/time.c.html)
    Tree (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/sys/tree.h)

The 3rd party software is subject to the licenses available in the
following directory:

    [INSTALL DIRECTORY]\Licenses

Public domain source code licenses are available here:

    SQLite - http://www.sqlite.org/copyright.html
    fksec - http://win32.mvps.org/license.html

Where 3rd party licenses require open access to their source code,
Trend Micro will provide the necessary materials upon written
request.

========================================================================
(C) 2014 Trend Micro Inc. All rights reserved. Published in Canada.